Hello,
I configured OpenVPN manually, but unfortunately it does not work properly.
When I connect, I get the following message:
Windows
Code:
Thu Jul 23 04:14:30 2020 us=828725 Attempting to establish TCP connection with [AF_INET]111.111.111.111:1194 [nonblock]
Thu Jul 23 04:14:30 2020 us=828725 MANAGEMENT: >STATE:1595470470,TCP_CONNECT,,,,,,
Thu Jul 23 04:14:31 2020 us=834997 TCP connection established with [AF_INET]111.111.111.111:1194
Thu Jul 23 04:14:31 2020 us=834997 TCP_CLIENT link local: (not bound)
Thu Jul 23 04:14:31 2020 us=834997 TCP_CLIENT link remote: [AF_INET]111.111.111.111:1194
Thu Jul 23 04:14:31 2020 us=834997 MANAGEMENT: >STATE:1595470471,WAIT,,,,,,
Thu Jul 23 04:14:31 2020 us=834997 Connection reset, restarting [0]
Thu Jul 23 04:14:31 2020 us=834997 TCP/UDP: Closing socket
Android
Code:
04:01:02.470 -- Connecting to [meinedomain.de]:1194 (111.111.111.111) via TCPv4
04:01:02.532 -- TCP recv error: Connection reset by peer
04:01:02.532 -- Transport Error: Transport error on 'meinedomain.de: NETWORK_RECV_ERROR
04:01:02.533 -- EVENT: TRANSPORT_ERROR info='Transport error on 'meinedomain.de: NETWORK_RECV_ERROR'
04:01:02.535 -- Client terminated, restarting in 5000 ms...
(I changed the real IP address to 111.111.111.111)
Last lines of the debug file
Code:
Thu Jul 23 02:50:32 2020 us=560421 OpenVPN 2.3.11 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 21 2020
Thu Jul 23 02:50:32 2020 us=560494 library versions: OpenSSL 1.0.2u-fips 20 Dec 2019, LZO 2.09
Thu Jul 23 02:50:32 2020 us=573852 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1195
Thu Jul 23 02:50:32 2020 us=574405 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Jul 23 02:50:32 2020 RADIUS-PLUGIN: Configfile name: /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf.
Thu Jul 23 02:50:32 2020 us=602972 PLUGIN_INIT: POST /var/packages/VPNCenter/target/lib/radiusplugin.so '[/var/packages/VPNCenter/target/lib/radiusplugin.so] [/var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
Thu Jul 23 02:50:32 2020 us=603112 NOTE: --fast-io is disabled since we are not using UDP
Thu Jul 23 02:50:32 2020 us=632503 Diffie-Hellman initialized with 2048 bit key
Thu Jul 23 02:50:32 2020 us=658246 Control Channel Authentication: using '/usr/syno/etc/packages/VPNCenter/VPNcerts/ta.key' as a OpenVPN static key file
Thu Jul 23 02:50:32 2020 us=658400 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jul 23 02:50:32 2020 us=658455 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jul 23 02:50:32 2020 us=658554 TLS-Auth MTU parms [ L:1572 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Thu Jul 23 02:50:32 2020 us=658642 Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Jul 23 02:50:32 2020 us=659168 TUN/TAP device tun0 opened
Thu Jul 23 02:50:32 2020 us=659276 TUN/TAP TX queue length set to 100
Thu Jul 23 02:50:32 2020 us=659340 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 23 02:50:32 2020 us=659447 /sbin/ifconfig tun0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Thu Jul 23 02:50:32 2020 us=663102 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:143 ET:0 EL:3 AF:3/1 ]
Thu Jul 23 02:50:32 2020 us=663215 Listening for incoming TCP connection on [undef]
Thu Jul 23 02:50:32 2020 us=663283 TCPv4_SERVER link local (bound): [undef]
Thu Jul 23 02:50:32 2020 us=663323 TCPv4_SERVER link remote: [undef]
Thu Jul 23 02:50:32 2020 us=663372 MULTI: multi_init called, r=256 v=256
Thu Jul 23 02:50:32 2020 us=663488 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Thu Jul 23 02:50:32 2020 us=663569 MULTI: TCP INIT maxclients=5 maxevents=9
Thu Jul 23 02:50:32 2020 us=663664 Initialization Sequence Completed
openvpn.ovpn
Code:
remote meinedomain.de 1194
dhcp-option DNS 10.8.0.1
# client.crt
# client.key
# CA.crt
#ta.key
key-direction 1
verb 4
nobind
float
block-outside-dns
register-dns
redirect-gateway def1
dev tun
proto tcp-client
pull
tls-client
remote-cert-tls server
cipher AES-256-CBC
prng SHA256 32
auth SHA256
tls-version-min 1.2 or-highest
fast-io
comp-lzo no
auth-user-pass
auth-nocache
openvpn.conf.user
Code:
log /var/log/openvpn.log
verb 4
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
max-clients 5
topology subnet
push "sndbuf 0"
push "rcvbuf 0"
sndbuf 0
rcvbuf 0
management 127.0.0.1 1195
dev tun
proto tcp-server
port 1194
persist-tun
persist-key
cipher AES-256-CBC
prng SHA256 32
auth SHA256
tls-version-min 1.2 or-highest
tls-auth /usr/syno/etc/packages/VPNCenter/VPNcerts/ta.key 0
remote-cert-tls client
dh /usr/syno/etc/packages/VPNCenter/VPNcerts/dh2048.pem
ca /usr/syno/etc/packages/VPNCenter/VPNcerts/CA.crt
cert /usr/syno/etc/packages/VPNCenter/VPNcerts/Server.crt
key /usr/syno/etc/packages/VPNCenter/VPNcerts/Server.key
fast-io
comp-lzo no
keepalive 10 60
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
status /tmp/ovpn_status_2_result 30
status-version 2
Which ports need to be opened for OpenVPN (TCP)? I have checked several times and port 1194 should be open everywhere. I have blocked most other ports (443, etc.). If it is not the ports, what else could be the cause?
Best regards,
Mark
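An added example, not part of the original post: a small cross-check of the directives that an OpenVPN client and server have to agree on, run over excerpts of the two files posted above. The function names (`parse`, `key_direction`, `mismatches`) are hypothetical, and the check covers only `proto`, the port, `cipher`, `auth`, `comp-lzo` and the `tls-auth` key direction.

```python
# Added example: CLIENT/SERVER are abridged from the posted openvpn.ovpn and openvpn.conf.user.
CLIENT = """remote meinedomain.de 1194
key-direction 1
proto tcp-client
cipher AES-256-CBC
auth SHA256
comp-lzo no
"""
SERVER = """proto tcp-server
port 1194
cipher AES-256-CBC
auth SHA256
tls-auth /usr/syno/etc/packages/VPNCenter/VPNcerts/ta.key 0
comp-lzo no
"""

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts

def key_direction(opts):
    """Direction from 'key-direction N' or the second tls-auth argument."""
    args = opts.get("key-direction") or opts.get("tls-auth", [])[1:]
    return args[0] if args else None

def mismatches(client_text, server_text):
    """Return the names of checked directives that disagree between both ends."""
    c, s = parse(client_text), parse(server_text)
    found = []
    # tcp-client / tcp-server / tcp4 all reduce to "tcp"; default is udp.
    transport = lambda o: o.get("proto", ["udp"])[0].split("-")[0].rstrip("46")
    if transport(c) != transport(s):
        found.append("proto")
    remote = c.get("remote", [])
    c_port = remote[1] if len(remote) > 1 else c.get("port", ["1194"])[0]
    if c_port != s.get("port", ["1194"])[0]:
        found.append("port")
    for name in ("cipher", "auth", "comp-lzo"):
        if c.get(name) != s.get(name):
            found.append(name)
    # Directions must be complementary (0 on one end, 1 on the other) or both unset.
    if {key_direction(c), key_direction(s)} not in ({"0", "1"}, {None}):
        found.append("tls-auth direction")
    return found
```

`mismatches(CLIENT, SERVER)` returns an empty list for the excerpts above, meaning the checked directives agree; it says nothing about certificates, the RADIUS plugin or port forwarding.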